My system is infected with a virus and I can't seem to clean it up.

One of my NT 4.0 Servers is infected with the w32.spybot.ALRD virus and I can't delete or quaranteen it. I have ran the latest updates and even tried removing it manually from the registry but I have not luck. Any ideas on what I can do to clean this up?
frankbustosAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bgbeerCommented:
first thing U need to do is to find a barts pe, erd commander or a linux bootable cd
something that will give u access to the harddrive while keeping it inactive so that u can remove the virus.
0
bgbeerCommented:
let me back up a minute!
the first thing I would do is to unplug this server from the network because it is a network aware worm that can and will spread to all other computers on the network.

after that u need to pull the ram and the cmos battery and let it sit for 10 minutes or so to empty all memory.
at that point find yourself a bootable cd that will keep your haddrive inactive while working w/ it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bgbeerCommented:
the other thing u that more than likely will need to be don is to reinstall
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

frankbustosAuthor Commented:
Hi bgbeer,
   Ok, I will get it off the network then boot it with the ERD commander cd and see if I can delete the virus that way. I will let you know the results tomorrow as i'm off work for the rest of the evening.
0
bgbeerCommented:
frank, after booting to erd commander the first thing I would do is tocheck for running processes.

with erd commander u will have restore points I would use them.
0
frankbustosAuthor Commented:
bgbeer,

  sounds good, I will do that.
thanks.
0
bgbeerCommented:
no problem

good luck
0
frankbustosAuthor Commented:
thanks bgbeer,  I was able to clean out the system and get it back to normal.
0
bgbeerCommented:
glad I could help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.